basebuilder_pel7x64builder0
6 years ago
3 changed files with 576 additions and 1 deletions
@ -0,0 +1,506 @@
@@ -0,0 +1,506 @@
|
||||
From 0d4220fa98fbbd8aa0944a6ed87122b579716ff5 Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Mon, 10 Sep 2018 15:22:28 +0200 |
||||
Subject: [PATCH 1/9] systemd/dhcp: fix assertion starting DHCP client without |
||||
MAC address |
||||
|
||||
An assertion in dhcp_network_bind_raw_socket() is triggered when |
||||
starting an sd_dhcp_client without setting setting a MAC address |
||||
first. |
||||
|
||||
- sd_dhcp_client_start() |
||||
- client_start() |
||||
- client_start_delayed() |
||||
- dhcp_network_bind_raw_socket() |
||||
|
||||
In that case, the arp-type and MAC address is still unset. Note that |
||||
dhcp_network_bind_raw_socket() already checks for a valid arp-type |
||||
and MAC address below, so we should just gracefully return -EINVAL. |
||||
|
||||
Maybe sd_dhcp_client_start() should fail earlier when starting without |
||||
MAC address. But the failure here will be correctly propagated and |
||||
the start aborted. |
||||
|
||||
See-also: https://github.com/systemd/systemd/pull/10054 |
||||
(cherry picked from commit 34af574d5810ab2b0d6d354cbc28135cde4a55b1) |
||||
(cherry picked from commit 0a797bdc2a592385a21e7ed918c08ef54a346d99) |
||||
(cherry picked from commit f37ed84ca495ee212b1e82b9c5a5682c4acfebcd) |
||||
--- |
||||
src/systemd/src/libsystemd-network/dhcp-network.c | 2 -- |
||||
1 file changed, 2 deletions(-) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/dhcp-network.c b/src/systemd/src/libsystemd-network/dhcp-network.c |
||||
index 90fe29d04..80e9577cd 100644 |
||||
--- a/src/systemd/src/libsystemd-network/dhcp-network.c |
||||
+++ b/src/systemd/src/libsystemd-network/dhcp-network.c |
||||
@@ -128,8 +128,6 @@ int dhcp_network_bind_raw_socket(int ifindex, union sockaddr_union *link, |
||||
const uint8_t *bcast_addr = NULL; |
||||
uint8_t dhcp_hlen = 0; |
||||
|
||||
- assert_return(mac_addr_len > 0, -EINVAL); |
||||
- |
||||
if (arp_type == ARPHRD_ETHER) { |
||||
assert_return(mac_addr_len == ETH_ALEN, -EINVAL); |
||||
memcpy(ð_mac, mac_addr, ETH_ALEN); |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From ee92f8164c0ecee86cec104240f0bbe155901891 Mon Sep 17 00:00:00 2001 |
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com> |
||||
Date: Sun, 30 Sep 2018 20:23:58 +0900 |
||||
Subject: [PATCH 2/9] dhcp6: check option length before reading values |
||||
|
||||
Fixes oss-fuzz#10746 |
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10746. |
||||
|
||||
https://github.com/systemd/systemd/pull/10213 |
||||
https://github.com/systemd/systemd/commit/84452783b8bcc44e0dbb7fa6ddc6dad8c064bdfe |
||||
(cherry picked from commit 484e92e17f93aa9658944dc886d420ef32bc625e) |
||||
(cherry picked from commit 0cec1cb93edd2efa6bee8e2ec1000d94a86ec61e) |
||||
(cherry picked from commit 8b8b248679ee17b5c8e68fb8e8e6f6cd3ec32f03) |
||||
--- |
||||
src/systemd/src/libsystemd-network/dhcp6-internal.h | 2 +- |
||||
src/systemd/src/libsystemd-network/dhcp6-option.c | 11 ++++++----- |
||||
src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 2 +- |
||||
3 files changed, 8 insertions(+), 7 deletions(-) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/dhcp6-internal.h b/src/systemd/src/libsystemd-network/dhcp6-internal.h |
||||
index f1cbd6a4f..06e2e5324 100644 |
||||
--- a/src/systemd/src/libsystemd-network/dhcp6-internal.h |
||||
+++ b/src/systemd/src/libsystemd-network/dhcp6-internal.h |
||||
@@ -91,7 +91,7 @@ int dhcp6_option_append_pd(uint8_t *buf, size_t len, DHCP6IA *pd); |
||||
int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn); |
||||
int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, |
||||
size_t *optlen, uint8_t **optvalue); |
||||
-int dhcp6_option_parse_status(DHCP6Option *option); |
||||
+int dhcp6_option_parse_status(DHCP6Option *option, size_t len); |
||||
int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia); |
||||
int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, |
||||
struct in6_addr **addrs, size_t count, |
||||
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
index a8a56463a..e462b7083 100644 |
||||
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
@@ -249,10 +249,11 @@ int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, |
||||
return 0; |
||||
} |
||||
|
||||
-int dhcp6_option_parse_status(DHCP6Option *option) { |
||||
+int dhcp6_option_parse_status(DHCP6Option *option, size_t len) { |
||||
DHCP6StatusOption *statusopt = (DHCP6StatusOption *)option; |
||||
|
||||
- if (be16toh(option->len) + sizeof(DHCP6Option) < sizeof(*statusopt)) |
||||
+ if (len < sizeof(DHCP6StatusOption) || |
||||
+ be16toh(option->len) + sizeof(DHCP6Option) < sizeof(DHCP6StatusOption)) |
||||
return -ENOBUFS; |
||||
|
||||
return be16toh(statusopt->status); |
||||
@@ -279,7 +280,7 @@ static int dhcp6_option_parse_address(DHCP6Option *option, DHCP6IA *ia, |
||||
} |
||||
|
||||
if (be16toh(option->len) + sizeof(DHCP6Option) > sizeof(*addr_option)) { |
||||
- r = dhcp6_option_parse_status((DHCP6Option *)addr_option->options); |
||||
+ r = dhcp6_option_parse_status((DHCP6Option *)addr_option->options, be16toh(option->len) + sizeof(DHCP6Option) - sizeof(*addr_option)); |
||||
if (r != 0) |
||||
return r < 0 ? r: 0; |
||||
} |
||||
@@ -319,7 +320,7 @@ static int dhcp6_option_parse_pdprefix(DHCP6Option *option, DHCP6IA *ia, |
||||
} |
||||
|
||||
if (be16toh(option->len) + sizeof(DHCP6Option) > sizeof(*pdprefix_option)) { |
||||
- r = dhcp6_option_parse_status((DHCP6Option *)pdprefix_option->options); |
||||
+ r = dhcp6_option_parse_status((DHCP6Option *)pdprefix_option->options, be16toh(option->len) + sizeof(DHCP6Option) - sizeof(*pdprefix_option)); |
||||
if (r != 0) |
||||
return r < 0 ? r: 0; |
||||
} |
||||
@@ -464,7 +465,7 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { |
||||
|
||||
case SD_DHCP6_OPTION_STATUS_CODE: |
||||
|
||||
- status = dhcp6_option_parse_status(option); |
||||
+ status = dhcp6_option_parse_status(option, optlen); |
||||
if (status) { |
||||
log_dhcp6_client(client, "IA status %d", |
||||
status); |
||||
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
index ca03f580e..b82e3f45f 100644 |
||||
--- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
@@ -828,7 +828,7 @@ static int client_parse_message( |
||||
break; |
||||
|
||||
case SD_DHCP6_OPTION_STATUS_CODE: |
||||
- status = dhcp6_option_parse_status(option); |
||||
+ status = dhcp6_option_parse_status(option, optlen); |
||||
if (status) { |
||||
log_dhcp6_client(client, "%s Status %s", |
||||
dhcp6_message_type_to_string(message->type), |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From a944785f244e92094eb4379cf12e76f5205037d3 Mon Sep 17 00:00:00 2001 |
||||
From: Evgeny Vereshchagin <evvers@ya.ru> |
||||
Date: Sat, 29 Sep 2018 03:06:10 +0000 |
||||
Subject: [PATCH 3/9] dhcp6: fix an off-by-one error in |
||||
dhcp6_option_parse_domainname |
||||
|
||||
==14==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200055fa9c at pc 0x0000005458f1 bp 0x7ffc78940d90 sp 0x7ffc78940d88 |
||||
READ of size 1 at 0x60200055fa9c thread T0 |
||||
#0 0x5458f0 in dhcp6_option_parse_domainname /work/build/../../src/systemd/src/libsystemd-network/dhcp6-option.c:555:29 |
||||
#1 0x54706e in dhcp6_lease_set_domains /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-lease.c:242:13 |
||||
#2 0x53fce0 in client_parse_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:984:29 |
||||
#3 0x53f3bc in client_receive_advertise /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1083:13 |
||||
#4 0x53d57f in client_receive_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1182:21 |
||||
#5 0x7f0f7159deee in source_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3042:21 |
||||
#6 0x7f0f7159d431 in sd_event_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3455:21 |
||||
#7 0x7f0f7159ea8d in sd_event_run /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3512:21 |
||||
#8 0x531f2b in fuzz_client /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:44:9 |
||||
#9 0x531bc1 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:53:9 |
||||
#10 0x57bec8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15 |
||||
#11 0x579d67 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3 |
||||
#12 0x57dc92 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19 |
||||
#13 0x580ca6 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5 |
||||
#14 0x55e968 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6 |
||||
#15 0x551a1c in main /src/libfuzzer/FuzzerMain.cpp:20:10 |
||||
#16 0x7f0f701a082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) |
||||
#17 0x41e928 in _start (/out/fuzz-dhcp6-client+0x41e928) |
||||
|
||||
https://github.com/systemd/systemd/pull/10200 |
||||
https://github.com/systemd/systemd/commit/b387d3c1327a3ad2a2509bd3d3491e674392ff21 |
||||
(cherry picked from commit 7cb7cffc4962245a32e87017bcf264005c043250) |
||||
(cherry picked from commit cd3aacefdd0b91741b7b2e7b5ee5baab210addd9) |
||||
(cherry picked from commit 5b140a77bc7b01dc002dbf28a7a2507a27a63d7c) |
||||
--- |
||||
src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
index e462b7083..ff1cbf13d 100644 |
||||
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
@@ -566,7 +566,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * |
||||
/* Literal label */ |
||||
label = (const char *)&optval[pos]; |
||||
pos += c; |
||||
- if (pos > optlen) |
||||
+ if (pos >= optlen) |
||||
return -EMSGSIZE; |
||||
|
||||
if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) { |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From fc04015063d44a61b85bdf2c2648d9ac9fb4a446 Mon Sep 17 00:00:00 2001 |
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com> |
||||
Date: Thu, 27 Sep 2018 18:04:59 +0900 |
||||
Subject: [PATCH 4/9] sd-dhcp-lease: fix memleaks |
||||
|
||||
(cherry picked from commit e2975f854831d08a25b4f5eb329b6d04102e115f) |
||||
(cherry picked from commit 157094abd83f933fad142758a7d177cfa1a347f7) |
||||
(cherry picked from commit 3fd9d11619a5e60d375076fbe13851dd1d3a4a63) |
||||
--- |
||||
src/systemd/src/libsystemd-network/sd-dhcp-lease.c | 2 ++ |
||||
1 file changed, 2 insertions(+) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c |
||||
index 33a0796a8..841d07926 100644 |
||||
--- a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c |
||||
+++ b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c |
||||
@@ -279,6 +279,8 @@ sd_dhcp_lease *sd_dhcp_lease_unref(sd_dhcp_lease *lease) { |
||||
free(option); |
||||
} |
||||
|
||||
+ free(lease->root_path); |
||||
+ free(lease->timezone); |
||||
free(lease->hostname); |
||||
free(lease->domainname); |
||||
free(lease->dns); |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From ae56f71f5bd4233f335ec4c2a5172b59be3d80ca Mon Sep 17 00:00:00 2001 |
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com> |
||||
Date: Thu, 27 Sep 2018 23:48:51 +0900 |
||||
Subject: [PATCH 5/9] dhcp6: fix buffer size checking |
||||
|
||||
(cherry picked from commit cb1bdeaf56852275e6b0dd1fba932bb174767f70) |
||||
(cherry picked from commit 91fb1673d5217aaf1461998fd2675630f5c265f9) |
||||
(cherry picked from commit 15a3c6c692ee0125d4673df42ef8986e9e3d69c7) |
||||
--- |
||||
src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 4 ++-- |
||||
1 file changed, 2 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
index b82e3f45f..b65c31171 100644 |
||||
--- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
@@ -776,8 +776,8 @@ static int client_parse_message( |
||||
uint8_t *optval; |
||||
be32_t iaid_lease; |
||||
|
||||
- if (len < offsetof(DHCP6Option, data) || |
||||
- len < offsetof(DHCP6Option, data) + be16toh(option->len)) |
||||
+ if (len < pos + offsetof(DHCP6Option, data) || |
||||
+ len < pos + offsetof(DHCP6Option, data) + be16toh(option->len)) |
||||
return -ENOBUFS; |
||||
|
||||
optcode = be16toh(option->code); |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From 9babde953073b460d8bcda13329c60a0a74cdc3c Mon Sep 17 00:00:00 2001 |
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com> |
||||
Date: Fri, 19 Oct 2018 03:44:56 +0900 |
||||
Subject: [PATCH 6/9] sd-dhcp6: fix argument and error handling of |
||||
dhcp6_option_parse_status() |
||||
|
||||
(cherry picked from commit 91c43f3978fa7c8341550b9ca279e460ba7e74e6) |
||||
(cherry picked from commit 373cbfc8c6e9591b3c8cc12d58c4b31ac35ab24f) |
||||
(cherry picked from commit 0e93fd895daa6f0f578ffa8fc4ed3e0ea85c62e8) |
||||
(cherry picked from commit 6ea13fc82523bebaa08cf2ab8404e751a654261f) |
||||
--- |
||||
src/systemd/src/libsystemd-network/dhcp6-option.c | 10 ++++++---- |
||||
src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 9 +++++---- |
||||
2 files changed, 11 insertions(+), 8 deletions(-) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
index ff1cbf13d..cfddefcb5 100644 |
||||
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
@@ -465,13 +465,15 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { |
||||
|
||||
case SD_DHCP6_OPTION_STATUS_CODE: |
||||
|
||||
- status = dhcp6_option_parse_status(option, optlen); |
||||
- if (status) { |
||||
+ status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option)); |
||||
+ if (status < 0) { |
||||
+ r = status; |
||||
+ goto error; |
||||
+ } |
||||
+ if (status > 0) { |
||||
log_dhcp6_client(client, "IA status %d", |
||||
status); |
||||
|
||||
- dhcp6_lease_free_ia(ia); |
||||
- |
||||
r = -EINVAL; |
||||
goto error; |
||||
} |
||||
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
index b65c31171..15c4f445f 100644 |
||||
--- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c |
||||
@@ -828,13 +828,14 @@ static int client_parse_message( |
||||
break; |
||||
|
||||
case SD_DHCP6_OPTION_STATUS_CODE: |
||||
- status = dhcp6_option_parse_status(option, optlen); |
||||
- if (status) { |
||||
+ status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option)); |
||||
+ if (status < 0) |
||||
+ return status; |
||||
+ |
||||
+ if (status > 0) { |
||||
log_dhcp6_client(client, "%s Status %s", |
||||
dhcp6_message_type_to_string(message->type), |
||||
dhcp6_message_status_to_string(status)); |
||||
- dhcp6_lease_free_ia(&lease->ia); |
||||
- dhcp6_lease_free_ia(&lease->pd); |
||||
|
||||
return -EINVAL; |
||||
} |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From 19b82104da425efdb9ad0207ccabf5a1a091b81a Mon Sep 17 00:00:00 2001 |
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com> |
||||
Date: Fri, 19 Oct 2018 03:42:10 +0900 |
||||
Subject: [PATCH 7/9] sd-dhcp6: make dhcp6_option_parse_domainname() not store |
||||
empty domain |
||||
|
||||
This improves performance of fuzzer. |
||||
C.f. oss-fuzz#11019. |
||||
|
||||
(cherry picked from commit 3c72b6ed4252e7ff5f7704bfe44557ec197b47fa) |
||||
(cherry picked from commit 50403cccee28c7dcd54b138a0d3b3f69ea0204fe) |
||||
(cherry picked from commit f11f5abb1a8b96b553d2d156f8b5cf440695c04d) |
||||
(cherry picked from commit c836279fca80fb22ca7ef02acaa5b987fee61123) |
||||
--- |
||||
.../src/libsystemd-network/dhcp6-option.c | 66 ++++++++----------- |
||||
1 file changed, 29 insertions(+), 37 deletions(-) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
index cfddefcb5..be5c22237 100644 |
||||
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
@@ -555,6 +555,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * |
||||
bool first = true; |
||||
|
||||
for (;;) { |
||||
+ const char *label; |
||||
uint8_t c; |
||||
|
||||
c = optval[pos++]; |
||||
@@ -562,47 +563,41 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * |
||||
if (c == 0) |
||||
/* End of name */ |
||||
break; |
||||
- else if (c <= 63) { |
||||
- const char *label; |
||||
- |
||||
- /* Literal label */ |
||||
- label = (const char *)&optval[pos]; |
||||
- pos += c; |
||||
- if (pos >= optlen) |
||||
- return -EMSGSIZE; |
||||
- |
||||
- if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) { |
||||
- r = -ENOMEM; |
||||
- goto fail; |
||||
- } |
||||
- |
||||
- if (first) |
||||
- first = false; |
||||
- else |
||||
- ret[n++] = '.'; |
||||
- |
||||
- r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX); |
||||
- if (r < 0) |
||||
- goto fail; |
||||
- |
||||
- n += r; |
||||
- continue; |
||||
- } else { |
||||
- r = -EBADMSG; |
||||
- goto fail; |
||||
- } |
||||
- } |
||||
+ if (c > 63) |
||||
+ return -EBADMSG; |
||||
+ |
||||
+ /* Literal label */ |
||||
+ label = (const char *)&optval[pos]; |
||||
+ pos += c; |
||||
+ if (pos >= optlen) |
||||
+ return -EMSGSIZE; |
||||
+ |
||||
+ if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) |
||||
+ return -ENOMEM; |
||||
+ |
||||
+ if (first) |
||||
+ first = false; |
||||
+ else |
||||
+ ret[n++] = '.'; |
||||
+ |
||||
+ r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX); |
||||
+ if (r < 0) |
||||
+ return r; |
||||
|
||||
- if (!GREEDY_REALLOC(ret, allocated, n + 1)) { |
||||
- r = -ENOMEM; |
||||
- goto fail; |
||||
+ n += r; |
||||
} |
||||
|
||||
+ if (n == 0) |
||||
+ continue; |
||||
+ |
||||
+ if (!GREEDY_REALLOC(ret, allocated, n + 1)) |
||||
+ return -ENOMEM; |
||||
+ |
||||
ret[n] = 0; |
||||
|
||||
r = strv_extend(&names, ret); |
||||
if (r < 0) |
||||
- goto fail; |
||||
+ return r; |
||||
|
||||
idx++; |
||||
} |
||||
@@ -610,7 +605,4 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * |
||||
*str_arr = TAKE_PTR(names); |
||||
|
||||
return idx; |
||||
- |
||||
-fail: |
||||
- return r; |
||||
} |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From 7dd0b1ae8cc44a6e3c91dc921a278f939d045f0d Mon Sep 17 00:00:00 2001 |
||||
From: Li Song <song.li@honeywell.com> |
||||
Date: Fri, 19 Oct 2018 13:41:51 -0400 |
||||
Subject: [PATCH 8/9] sd-dhcp: remove unreachable route after rebinding return |
||||
NAK |
||||
|
||||
(cherry picked from commit cc3981b1272b9ce37e7d734a7b2f42e84acac535) |
||||
(cherry picked from commit 915c2f675a23b2ae16d292d1ac570706f76b384d) |
||||
(cherry picked from commit cb77290a696dce924e2a993690634986ac035490) |
||||
(cherry picked from commit f211b140a5861ddedc2424946e3ab07d3b642b5f) |
||||
--- |
||||
src/systemd/src/libsystemd-network/sd-dhcp-client.c | 2 ++ |
||||
1 file changed, 2 insertions(+) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-client.c b/src/systemd/src/libsystemd-network/sd-dhcp-client.c |
||||
index c2f81e1c4..c28025410 100644 |
||||
--- a/src/systemd/src/libsystemd-network/sd-dhcp-client.c |
||||
+++ b/src/systemd/src/libsystemd-network/sd-dhcp-client.c |
||||
@@ -1649,6 +1649,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i |
||||
client->timeout_resend = |
||||
sd_event_source_unref(client->timeout_resend); |
||||
|
||||
+ client_notify(client, SD_DHCP_CLIENT_EVENT_EXPIRED); |
||||
+ |
||||
r = client_initialize(client); |
||||
if (r < 0) |
||||
goto error; |
||||
-- |
||||
2.17.1 |
||||
|
||||
|
||||
From 5a89e393279e8d0c8c2943b4cce99b91c5ebe903 Mon Sep 17 00:00:00 2001 |
||||
From: Lennart Poettering <lennart@poettering.net> |
||||
Date: Fri, 19 Oct 2018 12:12:33 +0200 |
||||
Subject: [PATCH 9/9] dhcp6: make sure we have enough space for the DHCP6 |
||||
option header |
||||
|
||||
Fixes a vulnerability originally discovered by Felix Wilhelm from |
||||
Google. |
||||
|
||||
CVE-2018-15688 |
||||
LP: #1795921 |
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1639067 |
||||
|
||||
(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892) |
||||
(cherry picked from commit 01ca2053bbea09f35b958c8cc7631e15469acb79) |
||||
(cherry picked from commit fc230dca139142f409d7bac99dbfabe9b004e2fb) |
||||
(cherry picked from commit cc1e5a7f5731f223d1eb8473fa0eecbedfc0ae5f) |
||||
--- |
||||
src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
index be5c22237..22970443d 100644 |
||||
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c |
||||
@@ -105,7 +105,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) { |
||||
return -EINVAL; |
||||
} |
||||
|
||||
- if (*buflen < len) |
||||
+ if (*buflen < offsetof(DHCP6Option, data) + len) |
||||
return -ENOBUFS; |
||||
|
||||
ia_hdr = *buf; |
||||
-- |
||||
2.17.1 |
||||
|
@ -0,0 +1,58 @@
@@ -0,0 +1,58 @@
|
||||
From 7b6c55fb10c8f500a79075a66d6f5387199392be Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Fri, 6 Jul 2018 15:54:16 +0200 |
||||
Subject: [PATCH] manager: accept non-null device for VPN activations |
||||
|
||||
Commit 10753c36168a ("manager: merge VPN handling into |
||||
_new_active_connection()") added a check to fail the activation of |
||||
VPNs when a device is passed to ActivateConnection(), since the device |
||||
argument is ignored for VPNs. |
||||
|
||||
This broke activating VPNs from nm-applet as nm-applet sets both the |
||||
specific_object (parent-connection) and device arguments in the |
||||
activation request. |
||||
|
||||
Note that we already check in _new_active_connection() that when a |
||||
device is supplied, it matches the device of the parent |
||||
connection. Therefore, the check can be dropped. |
||||
|
||||
Reported-by: Michael Biebl <biebl@debian.org> |
||||
Fixes: 10753c36168a82cd658df8a7da800960fddd78ed |
||||
|
||||
https://github.com/NetworkManager/NetworkManager/pull/159 |
||||
(cherry picked from commit e205664ba8c25939f1678d1b078a67989c180046) |
||||
(cherry picked from commit 9748aef7c7982ad1fe377ab6fc64255fcdb52762) |
||||
--- |
||||
src/nm-manager.c | 16 +--------------- |
||||
1 file changed, 1 insertion(+), 15 deletions(-) |
||||
|
||||
diff --git a/src/nm-manager.c b/src/nm-manager.c |
||||
index 0fea13de6..289dcf838 100644 |
||||
--- a/src/nm-manager.c |
||||
+++ b/src/nm-manager.c |
||||
@@ -4611,21 +4611,7 @@ validate_activation_request (NMManager *self, |
||||
} |
||||
} |
||||
|
||||
- if (is_vpn && device) { |
||||
- /* VPN's are treated specially. Maybe the should accept a device as well, |
||||
- * however, later on during activation, we don't handle the device. |
||||
- * |
||||
- * Maybe we should, and maybe it makes sense to specify a device |
||||
- * when activating a VPN. But for now, just error out. */ |
||||
- g_set_error_literal (error, |
||||
- NM_MANAGER_ERROR, |
||||
- NM_MANAGER_ERROR_UNKNOWN_DEVICE, |
||||
- "Cannot specify device when activating VPN"); |
||||
- return NULL; |
||||
- } |
||||
- |
||||
- nm_assert ( ( is_vpn && !device) |
||||
- || (!is_vpn && NM_IS_DEVICE (device))); |
||||
+ nm_assert (is_vpn || NM_IS_DEVICE (device)); |
||||
|
||||
*out_device = device; |
||||
*out_is_vpn = is_vpn; |
||||
-- |
||||
2.17.1 |
||||
|
Loading…
Reference in new issue